{"title":"浮点错误和异常的符号测试","authors":"Dongyu Ma , Zeyu Liang , Luming Yin , Hongliang Liang","doi":"10.1016/j.jss.2024.112226","DOIUrl":null,"url":null,"abstract":"<div><div>Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4<span><math><mo>×</mo></math></span> and 7.1<span><math><mo>×</mo></math></span> faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112226"},"PeriodicalIF":3.7000,"publicationDate":"2024-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Symbolic testing of floating-point bugs and exceptions\",\"authors\":\"Dongyu Ma , Zeyu Liang , Luming Yin , Hongliang Liang\",\"doi\":\"10.1016/j.jss.2024.112226\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4<span><math><mo>×</mo></math></span> and 7.1<span><math><mo>×</mo></math></span> faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.</div></div>\",\"PeriodicalId\":51099,\"journal\":{\"name\":\"Journal of Systems and Software\",\"volume\":\"219 \",\"pages\":\"Article 112226\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2024-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Systems and Software\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S016412122400270X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016412122400270X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Symbolic testing of floating-point bugs and exceptions
Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4 and 7.1 faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.
期刊介绍:
The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to:
•Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution
•Agile, model-driven, service-oriented, open source and global software development
•Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems
•Human factors and management concerns of software development
•Data management and big data issues of software systems
•Metrics and evaluation, data mining of software development resources
•Business and economic aspects of software development processes
The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.